Crypto-Jacking: Using 9-1-1 Center Computers for Profit

Most of us have heard the term ‘crypto mining’. Cryptojacking is simply using the computer power and electricity of another person or company (in this case a 9-1-1 center or PSAP) without their knowledge to ‘mine coins’.

Simple Explanation

Cryptocurrency is, by design, decentralized. Transactions, which are encrypted, are added to a “block’, the block then gets added to a chain (blockchain). With a computer CPU, or graphics cards, crypto miners run a process to verify these transactions and keep the cryptocurrency world running. For this validation service, crypto miners receive a small payment.

It is less expensive for crypto miners to use ‘someone else’s’ (meaning your) computer processing and electricity.

Cryptojacking is becoming more popular. It is easy money and cryptojacking ’kits’ are available on the dark web for as little as $30.

The actual code can run in the background for a long time without detection. Unlike ransomware, the goal is not to lock up your computers and hold them hostage for payment, the goal is to use as much of your systems CPU as possible without detection. The culprit could be an unknown ‘bad guy’, an employee, contractor, etc.

Public Safety Answering Points (PSAPs) Compromised

We are starting to receive reports of 9-1-1 Centers conducting ‘Cyber Security Benchmarks’ and identifying cryptojacking software. For example, one 9-1-1 center found that cryptojacking was using 60% of the CPU on their Computer Aided Dispatch (CAD) workstations.

In addition to compromising the performance of ‘critical infrastructure’ systems, whoever installed this software OWNS YOU. They may be content with simply using your PSAP to make money, but the fact is they have established two-way communications and are running hidden, malicious software. They could easily take your infected systems down hard.

In the 9-1-1 community, we need to step up our awareness of cybersecurity. While this may be a line item PSAPs will consider putting in their budget for next year- the fact is every center should consider conducting a cyber benchmark asap.